How to Avoid Detection by User-Agent and Headers When Working with Facebook Ads and Instagram

The anti-fraud systems of Facebook, Instagram, TikTok, and other platforms are constantly evolving. One of the main reasons for account bans is the mismatch between the User-Agent and HTTP headers and the actual user environment. In this article, we will discuss how to properly configure these parameters in anti-detect browsers to minimize the risk of blocks when using multiple accounts and traffic arbitrage.

What is User-Agent Detection and Why is it Important

User-Agent is a string in the HTTP header that your browser sends with every request to the server. It contains information about the operating system, browser version, and device. For example, a typical User-Agent looks like this:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

For arbitrageurs and SMM specialists working with multiple accounts, correctly configuring the User-Agent is critically important for the following reasons:

• Anti-fraud systems compare User-Agent with other parameters — if you use a Windows User-Agent but the browser fingerprint indicates macOS, the system will detect it immediately.
• Outdated browser versions raise suspicions — using Chrome 95 when the current version is 120 looks like an attempt to disguise.
• Mismatches between User-Agent and WebGL/Canvas fingerprint — if the User-Agent indicates Intel GPU but the Canvas fingerprint shows AMD, that's a red flag.
• Mobile platforms are particularly sensitive — Instagram and TikTok actively check the correspondence of User-Agent to real devices.

Statistics show that up to 35% of bans when farming Facebook Ads accounts occur precisely due to mismatches in User-Agent and related parameters. Many arbitrageurs are even unaware of this problem, focusing only on proxies and cookies.

How Platforms Identify Header Mismatches

Modern anti-fraud systems of Facebook, Google, and TikTok use multi-level checks that analyze dozens of parameters simultaneously. Here are the main detection methods:

1. Comparing User-Agent with JavaScript Fingerprint

Platforms obtain device information in two ways: through the User-Agent in the HTTP header and through the JavaScript API (navigator.userAgent, navigator.platform, screen.width, and others). If the data does not match, it signals tampering.

2. Analyzing Accept-Language and Time Zone

If you are working with Facebook Ads for the USA, but your Accept-Language header contains "ru-RU," and the time zone is set to "Europe/Moscow," it looks suspicious. Platforms check for consistency:

• Proxy IP addresses (country)
• Accept-Language in HTTP headers
• Time zone from JavaScript
• Browser interface language (navigator.language)

All these parameters must correspond to one geographical location. To work with residential proxies in the USA, you need to set the English language, American time zone, and corresponding User-Agent.

3. Checking Client Hints (New Chrome Technology)

Since 2022, Chrome has been implementing User-Agent Client Hints — a new mechanism for transmitting device information through special headers. Anti-detect browsers like Dolphin Anty, AdsPower, and Multilogin already support this technology, but many users do not configure it correctly.

Client Hints include headers like:

Sec-CH-UA: "Not_A Brand";v="8", "Chromium";v="120", "Google Chrome";v="120"
Sec-CH-UA-Mobile: ?0
Sec-CH-UA-Platform: "Windows"
Sec-CH-UA-Platform-Version: "15.0.0"

If these headers do not match the main User-Agent or are completely absent, the anti-fraud system may detect it.

4. WebGL and Canvas Fingerprint

Each graphics card and driver generates a unique fingerprint when rendering graphics through WebGL and Canvas. Platforms compare this fingerprint with the User-Agent: if you specified Intel GPU in the User-Agent, but WebGL shows AMD Radeon — that’s a mismatch.

Common Mistakes in User-Agent Configuration

Based on the analysis of hundreds of ban cases in arbitrage communities, we have identified the most common mistakes when working with User-Agent and headers:

Mistake 1: Using One User-Agent for All Profiles

Many newcomers to arbitrage set one User-Agent and copy it to all profiles in the anti-detect browser. This is a gross mistake — platforms see that dozens of "different" users have absolutely identical browser parameters.

Mistake 2: Outdated Browser Versions

Using a User-Agent with Chrome version 95 or 100, when the current version is already 120+, looks suspicious. Real users regularly update their browsers, especially Chrome, which updates automatically.

Recommendation: use browser versions no older than 2-3 months. Most anti-detect browsers (Dolphin Anty, AdsPower, GoLogin) automatically update the database of current User-Agents — use this feature.

Mistake 3: Mismatch Between User-Agent and Screen Resolution

If the User-Agent indicates a mobile device like iPhone 13, but the screen resolution is set to 1920x1080 (typical for desktop) — this is detected immediately. Each device corresponds to a specific range of resolutions:

• iPhone 13/14: 390x844 (logical resolution)
• Samsung Galaxy S22: 360x800 or 412x915
• Desktop Windows: 1920x1080, 1366x768, 2560x1440
• MacBook: 1440x900, 1680x1050, 2560x1600

Mistake 4: Ignoring Accept-Language and Geolocation

Are you working with Facebook Ads for a US audience through mobile proxies with American IPs, but forgot to change Accept-Language from "ru-RU,ru" to "en-US,en"? The anti-fraud system sees a user from the USA who prefers the Russian language — this is an anomaly.

The correct setup for working with the USA:

Accept-Language: en-US,en;q=0.9
Timezone: America/New_York (or America/Los_Angeles)
WebRTC: disabled or matches the proxy IP
Geolocation API: permissions not granted (or coordinates in the USA)

Correct User-Agent Setup in Anti-Detect Browsers

Let's consider a step-by-step setup of User-Agent in popular anti-detect browsers for working with Facebook Ads, Instagram, and TikTok.

Setup in Dolphin Anty (most popular for arbitrage)

Dolphin Anty is a leader among arbitrageurs due to its convenience and built-in fingerprint templates. Here’s how to properly set up User-Agent:

1. Create a new profile → select "Create Profile" → in the "Basic Settings" section, find the "User-Agent" field.
2. Select "Auto" mode — Dolphin will automatically generate a current User-Agent based on the selected OS and browser. This is the safest option for beginners.
3. Configure parameter matching:
   • OS: select Windows 10/11 or macOS (the most common)
   • Screen resolution: set typical for the selected OS (1920x1080 for Windows, 1440x900 for Mac)
   • WebGL: leave "Real" or "Spoof" with the corresponding graphics card
4. Set language parameters: if working with the USA — select "English (United States)" in the language settings, Dolphin will automatically set the correct Accept-Language.
5. Check Client Hints: in the "Advanced Settings" section, ensure that the "User-Agent Client Hints" option is enabled (mandatory for Chrome).

Setup in AdsPower

AdsPower offers more flexible settings for advanced users:

1. Open profile settings → "Fingerprint" tab → "User-Agent" section.
2. Select mode:
   • "Automatic" — AdsPower generates User-Agent automatically.
   • "Manual" — manual configuration (for experienced users).
   • "Import from real device" — import from a real device (the safest option).
3. Synchronize with Canvas fingerprint: AdsPower automatically matches WebGL and Canvas fingerprint to the selected User-Agent, but check for consistency in the "Canvas" section.
4. Set variability: in the "Fingerprint Randomization" settings, set the level to "Medium" — this will add slight variations to User-Agent for each new profile.

Setup in Multilogin and GoLogin

Multilogin and GoLogin use a similar approach:

• Multilogin: in profile settings, select "Browser fingerprint" → "User-Agent" → set to "Random" for automatic generation or choose from a list of current versions.
• GoLogin: "Quick Settings" section → "Operating System" → select OS, GoLogin will automatically select the corresponding User-Agent and screen parameters.

Manual User-Agent Setup (for experienced users)

If you want to set up User-Agent manually, use current templates. Here are examples for different platforms (valid as of January 2024):

// Windows 10, Chrome 120
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

// macOS Sonoma, Chrome 120
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36

// Windows 11, Edge 120
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0

// iPhone 14 Pro, Safari
Mozilla/5.0 (iPhone; CPU iPhone OS 17_2 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.2 Mobile/15E148 Safari/604.1

Important: when manually configuring, always check the consistency of all parameters. Use services to check fingerprints (more on this in the "Testing" section).

Consistency of HTTP Headers and Fingerprint

User-Agent is just one of many HTTP headers that anti-fraud systems analyze. To successfully work with multiple accounts, it is necessary to ensure the consistency of all parameters.

Key HTTP Headers for Verification

Consistency with JavaScript API

In addition to HTTP headers, platforms check data obtained through JavaScript. Here are the key parameters that must match the User-Agent:

• navigator.userAgent — must match HTTP User-Agent
• navigator.platform — "Win32" for Windows, "MacIntel" for macOS
• navigator.language — must match Accept-Language (e.g., "en-US")
• screen.width and screen.height — must match typical resolutions for the specified OS
• navigator.hardwareConcurrency — number of CPU cores (should be realistic: 4, 8, 12, 16)
• navigator.deviceMemory — amount of RAM (4, 8, 16 GB for modern devices)

Anti-detect browsers automatically spoof these values according to the selected User-Agent, but it is important to check that the spoofing works correctly.

WebRTC and Real IP Leaks

Even with the correct User-Agent setup and using proxies, WebRTC can reveal your real IP address. This is critical for arbitrageurs working with geo-targeting in Facebook Ads.

Proper WebRTC setup in anti-detect browsers:

1. Dolphin Anty: in profile settings, select WebRTC → "Spoof" → "Use proxy IP"
2. AdsPower: "WebRTC" section → set to "Altered" and select "Use proxy IP"
3. Multilogin: WebRTC → "Use proxy" (the browser will show the proxy IP instead of the real one)

After setup, be sure to check for leaks using services like browserleaks.com/webrtc (more details in the "Testing" section).

How Proxies Affect Headers and Detection

The choice of proxy type directly affects which headers the target platform sees and how natural your traffic looks. Let's consider the features of working with different types of proxies.

Residential Proxies and Fingerprint

Residential proxies use IP addresses of real users, making them the safest for working with Facebook Ads, Instagram, and TikTok. However, there are nuances:

• Geolocation consistency: if you are using a residential proxy from New York, ensure that the timezone is set to "America/New_York," and Accept-Language is "en-US."
• ISP fingerprint: some advanced anti-fraud systems check the correspondence between User-Agent and provider. For example, Comcast (a major ISP in the USA) is more commonly used on desktops than T-Mobile (a mobile operator).
• IP rotation: when rotating residential proxies, ensure that the new IP is in the same country and region; otherwise, the platform will detect a location change.

Mobile Proxies for Instagram and TikTok

Mobile proxies are particularly effective for working with Instagram and TikTok, as these platforms are originally mobile. When using mobile proxies, it is important to:

• Use mobile User-Agent: iPhone or Android depending on geography (in the USA, the share of iPhone is higher; in other countries — Android).
• Set the correct screen resolution: for iPhone 13/14 — 390x844, for Samsung Galaxy — 360x800 or 412x915.
• Check touch events: mobile devices support touch, desktops do not. Anti-detect browsers should emulate touch events when using mobile User-Agent.

Most anti-detect browsers (Dolphin Anty, AdsPower) have ready-made profiles for mobile devices — use them instead of manual setup.

Data Center Proxies: When to Use

Data center proxies are cheaper and faster but riskier for platforms with strict anti-fraud protection. They can be used for:

• Scraping marketplaces (Wildberries, Ozon) — they are less sensitive to the type of IP.
• Working with Google Ads (with proper fingerprint setup).
• Testing and development (not for production accounts).

It is not recommended to use data center proxies for Facebook Ads, Instagram, TikTok — the ban risk is too high.

X-Forwarded-For and Other Auxiliary Headers

Some proxies add auxiliary headers like X-Forwarded-For, X-Real-IP, Via, which can reveal the use of proxies. Quality proxy providers do not add these headers, but it is important to check:

1. Open a header check site (e.g., httpbin.org/headers).
2. Check for the presence of X-Forwarded-For, Via, X-Proxy-ID headers.
3. If they are present — change the proxy provider or contact support.

Testing Settings: Tools for Testing

After configuring User-Agent and headers, it is critically important to check that everything works correctly and there are no mismatches that could lead to a ban. Here are tools for testing:

1. BrowserLeaks.com — Comprehensive Fingerprint Check

BrowserLeaks is the most popular service for checking all aspects of fingerprints. Open the following pages in the anti-detect browser:

• browserleaks.com/javascript — checks navigator.userAgent, platform, language, and other JavaScript parameters.
• browserleaks.com/webrtc — checks for WebRTC leaks (should show the proxy IP, not your real one).
• browserleaks.com/canvas — checks Canvas fingerprint (should be unique for each profile).
• browserleaks.com/client-hints — checks User-Agent Client Hints (for Chrome).

What to check: make sure all parameters match the selected User-Agent. For example, if the User-Agent indicates Windows 10, then navigator.platform should be "Win32," not "MacIntel."

2. WhatIsMyBrowser.com — Simple User-Agent Check

Open whatismybrowser.com in the anti-detect browser. The service will show:

• The identified browser and version.
• The operating system.
• Whether the version is current (if it shows "Outdated" — update the User-Agent).

3. PixelScan.net — Check for Arbitrageurs

PixelScan is a specialized service for checking fingerprints, popular among arbitrageurs. It shows:

• The uniqueness level of the fingerprint (the higher, the better).
• Mismatches between User-Agent and other parameters (highlighted in red).
• A "trust" score — how realistic the fingerprint looks as a real user.

Recommendation: check each new profile through PixelScan before starting work. If the service shows mismatches — correct them.

4. IPLeak.net — IP and DNS Check

IPLeak shows:

• The IP address that the server sees (should be the proxy IP).
• DNS servers (should not reveal your real location).
• WebRTC IP (should match the proxy IP).

5. Built-in Tools of Anti-Detect Browsers

Modern anti-detect browsers have built-in testing tools:

• Dolphin Anty: "Check Fingerprint" button in profile settings — shows main parameters and their consistency.
• AdsPower: "Fingerprint Check" section — automatically checks the correspondence of User-Agent, Canvas, WebGL.
• Multilogin: "Fingerprint Analyzer" — shows the uniqueness level and potential issues.

Checklist for Safe Work with Multiple Accounts

Let's summarize and create a step-by-step checklist for configuring User-Agent and headers when working with Facebook Ads, Instagram, TikTok, and other platforms.

Before Creating a Profile

1. ✅ Determine the target platform and geography (e.g., Facebook Ads for the USA).
2. ✅ Choose the appropriate type of proxy (residential for Facebook/Instagram, mobile for TikTok/Instagram).
3. ✅ Decide whether to use a desktop or mobile User-Agent.

When Setting Up a Profile in Anti-Detect Browser

4. ✅ Use automatic User-Agent generation (the "Auto" mode in Dolphin Anty, AdsPower).
5. ✅ Ensure that the browser version is current (no older than 2-3 months).
6. ✅ Set the screen resolution according to the selected OS (1920x1080 for Windows, 1440x900 for Mac).
7. ✅ Set the language and time zone according to the proxy IP (en-US for the USA, America/New_York).
8. ✅ Set WebRTC to "Use proxy IP" (not "Disabled" and not "Real IP").
9. ✅ Check that User-Agent Client Hints are enabled (mandatory for Chrome).
10. ✅ For mobile profiles: enable touch events emulation.

After Creating a Profile — Mandatory Check

11. ✅ Open browserleaks.com/javascript — check the correspondence of navigator.userAgent and navigator.platform.
12. ✅ Open browserleaks.com/webrtc — ensure it shows the proxy IP, not your real one.
13. ✅ Check through pixelscan.net — the rating should be "Good" or "Excellent."
14. ✅ Open ipleak.net — check that IP, DNS, and WebRTC correspond to the proxy.
15. ✅ Check Accept-Language through httpbin.org/headers — it should match the proxy geography.

When Mass Creating Profiles

16. ✅ Use variability — each profile should have a unique User-Agent (different minor browser versions).
17. ✅ Do not copy settings from one profile to all others.
18. ✅ Distribute profiles across different browser versions (e.g., 50% — Chrome 120, 30% — Chrome 119, 20% — Chrome 121).
19. ✅ Vary screen resolutions (1920x1080, 1366x768, 2560x1440 for Windows).
20. ✅ Check at least 10% of profiles through external services before launch.

During Work

21. ✅ Update User-Agent every 1-2 months (keep track of Chrome/Firefox releases).
22. ✅ When switching proxies, ensure that the new IP matches the previous location.
23. ✅ Regularly check profiles for consistency and leaks.